finished exports (now need the firewalls and internal network parts...)

79cd4b6b · Karl Grube · a743db4a · 79cd4b6b · 79cd4b6b
Commit 79cd4b6b authored 1 year ago by Karl Grube
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -5,3 +5,6 @@ allow_default_ipv6: False
 dc_ranges: []
 dc4_ranges: []
+anycast_ranges: []
+anycast4_ranges: []
--- a/templates/frr_conf.j2
+++ b/templates/frr_conf.j2
@@ -23,6 +23,7 @@ router bgp {{bgp_asn}}
 {%     if ip|ansible.utils.ipv4 %}
  neighbor {{ip}} activate
  neighbor {{ip}} prefix-list internet in
+  neighbor {{ip}} prefix-list my-networks out
 {%     endif %}
 {%   endfor %}
 {% endfor %}
@@ -34,11 +35,11 @@ router bgp {{bgp_asn}}
 {%     if ip|ansible.utils.ipv6 %}
  neighbor {{ip}} activate
  neighbor {{ip}} prefix-list internet in
+  neighbor {{ip}} prefix-list my-networks out
 {%     endif %}
 {%   endfor %}
 {% endfor %}
 !
 {% if allow_default_ipv6 == True %}
 ipv6 prefix-list internet seq 5 permit ::/0
 {% endif %}
@@ -87,7 +88,14 @@ ipv6 prefix-list internet seq {{(loop.index|int)*10+400}} deny {{prefix|regex_re
 ipv6 prefix-list internet seq {{(loop.index|int)*10+410}} permit any
 {%   endif %}
 {% endfor %}
+!
+{% for range in dc_ranges + anycast_ranges %}
+ipv6 prefix-list my-networks seq {{(loop.index|int)*10}} permit {{range}}
+{%   if loop.last %}
+ipv6 prefix-list my-networks seq {{(loop.index|int)*10+10}} deny any
+{%   endif %}
+{% endfor %}
+!
 {% if allow_default_ipv4 == True %}
 ip prefix-list internet seq 5 permit 0.0.0.0/0
 {% endif %}
@@ -113,4 +121,10 @@ ip prefix-list internet seq {{(loop.index|int)*10+160}} deny {{prefix|regex_repl
 ip prefix-list internet seq {{(loop.index|int)*10+170}} permit any
 {%   endif %}
 {% endfor %}
+!
+{% for range in dc4_ranges + anycast4_ranges %}
+ip prefix-list my-networks seq {{(loop.index|int)*10}} permit {{range}}
+{%   if loop.last %}
+ip prefix-list my-networks seq {{(loop.index|int)*10+10}} deny any
+{%   endif %}
+{% endfor %}